CVE-2026-28490 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified i…
High CVSS: 8.3

CVE-2026-28490

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.
Vendor
Authlib
Product
Authlib
CWE
CWE-203
Yayın Tarihi
2026-03-16 18:16:07
Güncelleme
2026-03-17 20:45:45
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-203 Authlib HIGH Authlib 2026

Referanslar

https://github.com/authlib/authlib/commit/48b345f29f6c459f11c6a40162b6c0b742ef2e22 https://github.com/authlib/authlib/releases/tag/v1.6.9 https://github.com/authlib/authlib/security/advisories/GHSA-7432-952r-cw78